* Add support for TPM1.2 and TPM2.
This adds measured boot support and will be extended with Secureboot.
Signed-off-by: Christian Walter <christian.walter@9elements.com>
In BlSupportDxe read the AcpiBoardInfo and set PcdTpmInstanceGuid
to indicate that a TPM is likely present as TPM tables had been installed
by the bootloader.
The Tcg*Dxes will probe for the TPM, so no need to do it here as well.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Probe for ACPI tables
* TPM2
* TCPA
and store the result in AcpiBoardInfo.
Will be used to determine if a TPM1.2 or TPM2.0 is present.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Install the gPciPlatformProtocol to scan for Option ROMs.
For every device we probe the Option ROM and provide a pointer
to the activated BAR if found.
It's safe to assume that all ROM bars have been enumerated,
reserved in the bridge resources and are disabled by default.
This is made a mandatory bootloader requirement in the next commit.
Enabling them and leaving them enabled will do no harm.
This can easily be tested on qemu, where it will start finding Option ROMs
for VGA and network cards.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Marcello Sylvester Bauer <marcello.bauer@9elements.com>
Cc: Patrick Rudolph <patrick.rudolph@9elements.com>
Cc: Christian Walter <christian.walter@9elements.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Recent model Chromebooks only return ACK, but not
BAT_SUCCESS, which causes hanging and failed ps2k init.
To mitigate this, make the absence of BAT_SUCCESS reply
non-fatal, and reduce the no-reply timeout from 4s to 1s.
Tested on google/dracia and purism/librem_14
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Don't set PcdDebugPropertyMask for release builds, and properly set it
for debug builds based on SOURCE_DEBUG_ENABLE.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Previous 1s timeout caused stalls on boot splash with no benefit.
Reduced to 100ms and no interruptions to boot when no SD card inserted.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
array.fromstring and array.tostring are deprecated aliases for
array.frombytes and array.tobytes. Deprecated since version 3.2,
they have been removed in Python 3.9.
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Yunhua Feng <fengyunhua@byosoft.com.cn>
Startup script does nothing other than confuse users.
Show a welcome banner and tell users how to exit.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Make sure that:
* FaultTolerantDxe is started before VariableRuntimeDxe
This ensures that FailedTolerantPei is not required and faults when writing
the variable store are discovered
* Start BlSupportDxeSmbios early to install board specific NULL protocols
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
This adds support for FVB in order to support a platform independent
and non-volatile variable store on UefiPayloadPkg. It is required for
non-volatile variable support, TPM support, Secureboot support and more.
Since commit bc744f5893fc4d53275ed26dd8d968011c6a09c1 coreboot supports
the SMMSTORE v2 feature. It implements a SMI handler that is able to
write, read and erase pages in the boot media (SPI flash).
The communication is done using a fixed communication buffer that is
allocated in CBMEM. The existence of this optional feature is advertised
by a coreboot table.
When the SMMSTORE feature is not available the variable emulation is used
by setting PcdEmuVariableNvModeEnable to TRUE.
Add a library for SMMStore to be used in DXE.
The DXE component provides runtime services and takes care of virtual to
physical mapping the communication buffers between SMM and OS.
Make use of the APRIORI DXE to initialize an empty store on the first boot
and set the PCDs to sane values before the variable driver is loaded.
Tests on Intel(R) Xeon(R) E-2288G CPU @ 3.70G showed that the SMI isn't
triggered with a probability of 1:40 of all cases when called in a tight
loop. The CPU continues running and the SMI is triggered asynchronously
a few clock cycles later. coreboot only handles synchronous APM requests
and does nothing on asynchronous APM triggers.
As there's no livesign from SMM it's impossible to tell if the handler
has run. Just wait a bit and try again to trigger a synchronous SMI.
Tests confirmed that out of 5 million tries the SMI is now always handled.
Tested on Linux and Windows 10 on real hardware.
Currently this cannot be tested on coreboot and qemu as it doesn't support
the SMMSTORE on qemu.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
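As an added illustration of the retry pattern described in the message above (example code, not the SmmStoreLib code the commit adds), the SMI trigger is replaced by a simulation: the fake handler skips roughly one call in forty and, when it does not run, leaves the command value unchanged in the register that would otherwise carry its return code. Using that echo-back to tell an unanswered trigger apart from a handled one is this example's assumption; the command and return codes, the miss rate and the retry limit are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not the SmmStoreLib code from the commit above.
 * Command and return codes below are constructed for this example. */
#define CMD_READ        0x20u   /* command values sit outside the return-code range */
#define RET_SUCCESS     0x00u
#define RET_FAILURE     0x01u
#define SMI_MAX_RETRIES 10

/* Fake SMI handler. Models the observed failure mode: roughly one trigger
 * in MISS_EVERY does not run synchronously, and the register that normally
 * carries the handler's return code still holds the command afterwards. */
#define MISS_EVERY 40
static unsigned g_calls;    /* trigger attempts so far */
static int      g_dead;     /* when set, the handler never answers */

void fake_smi_reset(int dead)
{
    g_calls = 0;
    g_dead = dead;
}

static uint32_t fake_trigger_smi(uint32_t cmd)
{
    g_calls++;
    if (g_dead || g_calls % MISS_EVERY == 0)
        return cmd;          /* no livesign: command echoed back unchanged */
    return RET_SUCCESS;      /* handler ran and overwrote the command with its result */
}

static void fake_delay(void)
{
    /* Stand-in for a short MicroSecondDelay() before retrying. */
}

/* Issue one SMMSTORE command. Returns 0 on success, -1 if the handler
 * reported failure, -2 if it never answered within SMI_MAX_RETRIES.
 * *retries_used receives how many extra attempts were needed. */
int smmstore_call(uint32_t cmd, int *retries_used)
{
    for (int attempt = 0; attempt < SMI_MAX_RETRIES; attempt++) {
        uint32_t ret = fake_trigger_smi(cmd);
        if (ret != cmd) {
            *retries_used = attempt;
            return ret == RET_SUCCESS ? 0 : -1;
        }
        fake_delay();
    }
    *retries_used = SMI_MAX_RETRIES;
    return -2;
}

/* Call the store n times in a tight loop, as in the commit's test.
 * Returns how many calls needed a retry, or -1 if any call failed. */
int run_tight_loop(int n)
{
    int retried = 0;
    for (int i = 0; i < n; i++) {
        int used = 0;
        if (smmstore_call(CMD_READ, &used) != 0)
            return -1;
        if (used > 0)
            retried++;
    }
    return retried;
}

/* With a handler that never answers, report how many attempts were spent
 * before giving up (-1 if the call unexpectedly succeeded). */
int attempts_before_giving_up(void)
{
    int used = 0;
    fake_smi_reset(1);
    return smmstore_call(CMD_READ, &used) == -2 ? used : -1;
}

int main(void)
{
    fake_smi_reset(0);
    printf("calls needing a retry out of 1000: %d\n", run_tight_loop(1000));
    printf("dead handler: gave up after %d attempts\n", attempts_before_giving_up());
    return 0;
}
```

The retry count is bounded on purpose: an SMM handler that never answers (wrong coreboot build, feature not advertised) must surface as an error the caller can act on rather than hang the boot, and the caller can then fall back to the emulated variable store the message describes for the case where SMMSTORE is absent; that fallback decision is a design choice of this example, not something the commit states.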
This fixes an issue where the framebuffer provided by coreboot or
slimbootloader will only work on the primary VGA device. If the
framebuffer corresponds to a different device the screen will stay black.
In addition, the code doesn't work for multiple graphic cards, has
reference to non existing functions, and is a duplication of common code.
Call EfiBootManagerConnectVideoController on every display device found,
not only the legacy VGA device. This is the same as OvmfPkg does.
Allows displaying output on the framebuffer set up by firmware, which might
not be the VGA device.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Uses the RDRAND instruction if available and install EfiRngProtocol.
The protocol may be used by iPXE or the Linux kernel to gather entropy.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
No need to check the interface protocol and then conditionally set it,
just set it to BOOT_PROTOCOL and check for error.
This is what Linux does for HID devices as some don't follow the USB spec.
One example is the Aspeed BMC HID keyboard device, which adds a massive
boot delay without this patch as it doesn't respond to 'GetProtocolRequest'.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
The default value, TRUE, causes reboots if a device boots to the
shell, exits, and then attempts to boot from another source.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Add support for Bayhub eMMC controller found on AMD
Stoneyridge Chromebooks.
Test: build/boot various google/kahlee-based devices
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Add device type prefixes for USB, IDE, SATA, and NVMe drives.
Remove UEFI prefix, remove serial numbers.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
BMP files created by tools other than MS Paint can have a
variable number of padding bytes, which results in
the DataSize being less than (ImageSize - HeaderSize).
Fix the check to be less stringent.
Test: use BMP created by/saved by Photoshop
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
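An added check in the spirit of the fix above (example code, not the patched BmpSupportLib): it computes the pixel data size from width, height and bits per pixel with the usual 4-byte row alignment, accepts trailing padding bytes, and still rejects an image whose declared geometry would read past the end of the buffer. Header offsets follow the standard BITMAPFILEHEADER and BITMAPINFOHEADER layout; the test images are generated in memory and the return codes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not the BmpSupportLib code the commit patches.
 * Offsets follow the standard BITMAPFILEHEADER + BITMAPINFOHEADER layout. */
#define BMP_FILE_HDR 14u
#define BMP_INFO_HDR 40u

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Row stride in bytes: each row is padded to a multiple of 4 bytes.
 * Computed in 64 bits so width * bpp cannot wrap. */
static uint64_t bmp_stride(uint32_t width, uint32_t bpp)
{
    return (((uint64_t)width * bpp + 31) / 32) * 4;
}

/* Validate an uncompressed BMP held in buf[0..len).
 * Returns 0 when acceptable, or a negative code naming the failed check. */
int bmp_validate(const uint8_t *buf, size_t len)
{
    if (len < BMP_FILE_HDR + BMP_INFO_HDR)                return -1;  /* headers do not fit */
    if (buf[0] != 'B' || buf[1] != 'M')                    return -2;  /* bad magic */
    uint32_t off_bits    = rd32(buf + 10);                 /* start of pixel data */
    uint32_t hdr_size    = rd32(buf + 14);
    int32_t  width       = (int32_t)rd32(buf + 18);
    int32_t  height      = (int32_t)rd32(buf + 22);        /* negative = top-down */
    uint16_t bpp         = rd16(buf + 28);
    uint32_t compression = rd32(buf + 30);

    if (hdr_size < BMP_INFO_HDR)                           return -3;
    if (compression != 0)                                  return -4;  /* BI_RGB only */
    if (width <= 0 || height == 0 || height == INT32_MIN)  return -5;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return -6;
    if (off_bits < BMP_FILE_HDR + hdr_size)                return -7;  /* pixels overlap headers */
    if (off_bits > len)                                    return -8;

    uint32_t rows = (uint32_t)(height < 0 ? -height : height);
    uint64_t data_size = bmp_stride((uint32_t)width, bpp) * rows;

    /* The strict form of this check (data_size == len - off_bits) rejects files
     * from tools that append padding. Accept trailing bytes, but never let the
     * declared geometry reach past the buffer. */
    if (data_size > (uint64_t)(len - off_bits))            return -9;
    return 0;
}

/* Build a zero-filled, bottom-up 24 bpp test image with `padding` trailing
 * bytes. Returns the image length, or 0 if it does not fit. Constructed data. */
size_t build_test_bmp(uint8_t *out, size_t cap, int32_t width, int32_t height, size_t padding)
{
    if (width <= 0 || height <= 0) return 0;
    size_t data  = (size_t)bmp_stride((uint32_t)width, 24) * (size_t)height;
    size_t total = BMP_FILE_HDR + BMP_INFO_HDR + data + padding;
    if (total > cap) return 0;
    memset(out, 0, total);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2,  (uint32_t)total);
    wr32(out + 10, BMP_FILE_HDR + BMP_INFO_HDR);
    wr32(out + 14, BMP_INFO_HDR);
    wr32(out + 18, (uint32_t)width);
    wr32(out + 22, (uint32_t)height);
    wr16(out + 26, 1);                 /* planes */
    wr16(out + 28, 24);                /* bits per pixel */
    wr32(out + 34, (uint32_t)data);
    return total;
}

/* Generate an image, drop `truncate` bytes from its end, and validate it. */
int validate_generated(int32_t width, int32_t height, size_t padding, size_t truncate)
{
    uint8_t buf[512];
    size_t n = build_test_bmp(buf, sizeof buf, width, height, padding);
    if (n == 0 || truncate > n) return -100;
    return bmp_validate(buf, n - truncate);
}

int main(void)
{
    printf("exact:     %d\n", validate_generated(2, 2, 0, 0));
    printf("padded:    %d\n", validate_generated(2, 2, 4, 0));
    printf("truncated: %d\n", validate_generated(2, 2, 0, 3));
    return 0;
}
```

Relaxing the equality to "pixel data must fit" keeps the property that matters for a parser running in firmware: the width, height and bpp fields come from the file, so the renderer must never be allowed to walk past the buffer they describe, while a few extra bytes at the end are harmless.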
This is a shoehorned-in implementation of an ACPI BGRT
table, ported pretty much directly from the version used
under CorebootPayloadPkg.
EDK2 provides a facility to do this already, but it assumes
the ACPI tables already exist as EFI structures, so would need
to write code to populate those using the tables already in RAM
created by coreboot. This seemed like the easier option ATM.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
V1: Add quotes when using $(ARCH) in .dsc and .fdf file.
The quotes are added due to the way in which Core CI parses the .dsc file.
Add UINTN in Hob.c to fix cast from pointer to integer of different size error.
V2: Delete lines which reference ShellBinPkg. The pkg doesn't exist in edk2.
Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Signed-off-by: DunTan <dun.tan@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Change-Id: I18c2027f57a4fbf291925a11226ed620b808a970
Map->Operation is used to select whether a DMA region that
is being bounced has the source buffer copied to it. Except
Map->Operation isn't yet set, so the behavior is somewhat
random. Instead use the passed in Operation parameter.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>